Commit graph

11 commits

Author SHA1 Message Date
Robert Kaussow
e1a273d25d
Update docs deps to address cves (#2080)
Related-to: https://github.com/woodpecker-ci/woodpecker/pull/2078

Remaining CVEs:

```
❯ trivy fs --exit-code 1 --skip-dirs node_modules/,plugins/woodpecker-plugins/node_modules/ docs/
2023-08-01T10:02:36.911+0200	INFO	Vulnerability scanning is enabled
2023-08-01T10:02:36.911+0200	INFO	Secret scanning is enabled
2023-08-01T10:02:36.911+0200	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-08-01T10:02:36.911+0200	INFO	Please see also https://aquasecurity.github.io/trivy/v0.43/docs/scanner/secret/#recommendation for faster secret detection
2023-08-01T10:02:36.963+0200	INFO	Number of language-specific files: 1
2023-08-01T10:02:36.963+0200	INFO	Detecting pnpm vulnerabilities...

pnpm-lock.yaml (pnpm)

Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 1, HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬───────────────────┬────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Installed Version │ Fixed Version  │                            Title                             │
├─────────┼────────────────┼──────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ got     │ CVE-2022-33987 │ MEDIUM   │ 9.6.0             │ 11.8.5, 12.1.0 │ missing verification of requested URLs allows redirects to   │
│         │                │          │                   │                │ UNIX sockets                                                 │
│         │                │          │                   │                │ https://avd.aquasec.com/nvd/cve-2022-33987                   │
├─────────┼────────────────┼──────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────────┤
│ trim    │ CVE-2020-7753  │ HIGH     │ 0.0.1             │ 0.0.3          │ nodejs-trim: Regular Expression Denial of Service (ReDoS) in │
│         │                │          │                   │                │ trim function                                                │
│         │                │          │                   │                │ https://avd.aquasec.com/nvd/cve-2020-7753                    │
└─────────┴────────────────┴──────────┴───────────────────┴────────────────┴──────────────────────────────────────────────────────────────┘
```

- `trim` is pulled in by `@docusaurus/theme-classic` and can be ignored
due to
https://github.com/facebook/docusaurus/issues/7275#issuecomment-1113997259
- `got` can be ignored as well, see `trim`
2023-08-01 13:30:44 +02:00
6543
6d022712e8
Fix docs build (#1690)
Co-authored-by: Anbraten <anton@ju60.de>
2023-04-03 12:30:01 +02:00
Anbraten
dfd4622ba2
Point docs navbar items to selected version (#1434) 2022-11-19 15:21:03 +01:00
qwerty287
38198f83c4
Update all dependencies (#1291) 2022-10-19 10:15:58 +02:00
Lukas
fd6923fe20
Replace yarn with pnpm (#1240)
Should resolve startup issues in gitpod and be a lot faster 🚀
2022-10-08 16:15:07 +02:00
Anbraten
62d82765fd
Improve plugins index (#1200)
Co-authored-by: qwerty287 <80460567+qwerty287@users.noreply.github.com>
2022-09-25 19:04:47 +02:00
Anbraten
ee97977b93
Update and cleanup docs (#851)
- migrate step conditions back into pipeline syntax, but show 2-4 level in toc to be able to see `when` keywords
- create new backend section in admin docs
- update docusaurus
- remove prefix docker of container / container-image where possible
- replace terms SCM, VCS, Github with [forge](https://en.wikipedia.org/wiki/Forge_(software))
- add darkmode favicon variant
2022-04-06 17:15:28 +02:00
Anbraten
9ff0f230ec
Add awesome page (#744) 2022-02-04 10:53:03 +01:00
Anbraten
934847e855
update docs (#611) 2021-12-18 01:05:23 +01:00
Anbraten
c4700e9693
Update docs dependencies (#553) 2021-11-27 15:13:00 +01:00
Anbraten
0812a29163
Add plugin marketplace (for official plugins) (#451)
Co-authored-by: 6543 <6543@obermui.de>
2021-10-19 18:54:01 +02:00